File name: | sample.doc |
Full analysis: | https://app.any.run/tasks/52997bb3-9b46-431b-9a9b-f9667db8bc25 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 06:21:42 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | 52945AF1DEF85B171870B31FA4782E52 |
SHA1: | 06727FFDA60359236A8029E0B3E8A0FD11C23313 |
SHA256: | 4A24048F81AFBE9FB62E7A6A49ADBD1FAF41F266B5F9FEECDCEB567AEC096784 |
SSDEEP: | 192:AEhM7fIUU09264wptGheab8h7Z/c+8poF1d3jvvtl59rGxjPQDasYBcG7h+:AqWfIz092hwLGAabkcfa7pr1lzyxjPQ9 |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2216 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\sample.doc.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2216 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA21C.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2216 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:A8C9B2AE22E9E14A12CAC23E62FE650D | SHA256:623A530CD7605FDC1EAB5AF17585FB2954A62A296E97EC9951F4B32D9856F481 | |||
2216 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{98D7E264-9B12-4EF4-AD05-CCCC93409563} | binary | |
MD5:FD3E7FE6E1F8D0777862DCA4B67D548C | SHA256:CB913D949706A7EC7D2AE39CC5022DE7FEE8CD569E3D61251DB424040ABB0AB3 | |||
2216 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:BEBDBB0DB554C7D6D0F7194EE80D1E86 | SHA256:6097E1B76AC9C24D5E30D1532B1F33F555EC6C5D1DDA72E14B4E16CCAFEDC69C | |||
2216 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{0136A876-7177-4245-BD62-FCBC87840DBA} | binary | |
MD5:BEBDBB0DB554C7D6D0F7194EE80D1E86 | SHA256:6097E1B76AC9C24D5E30D1532B1F33F555EC6C5D1DDA72E14B4E16CCAFEDC69C | |||
2216 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$mple.doc.docx | pgc | |
MD5:DF71CDFEA07D8F8B13E49BB445F51A3C | SHA256:435CE294A08B691A526459F71FBA2F0F298B83C7979FF69245FB981A0BCB3C7E | |||
2216 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{89548529-B0DF-494C-9D69-EDBC387317B9}.FSD | binary | |
MD5:BDE2A55436A763504AA35A718B6501E0 | SHA256:4768A2D3DCD2C3D864D4C2166A76CB58D636E3C5C269E638501EA1B115CCF1E6 | |||
2216 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:FD3E7FE6E1F8D0777862DCA4B67D548C | SHA256:CB913D949706A7EC7D2AE39CC5022DE7FEE8CD569E3D61251DB424040ABB0AB3 | |||
2216 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{EF0F9BA4-751E-43FE-8174-5EE3F82CB42A}.FSD | binary | |
MD5:D9715300C1F6EADB907362ACF2F691B7 | SHA256:E8B9F296D3F3DF0BFA10D6E7968B7D390A37781667A38E1D5CBBD715D6D958BE | |||
2216 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF | binary | |
MD5:D471A0BB5F0B8A9AC834E0172491B7F9 | SHA256:418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F |
Domain | IP | Reputation |
---|---|---|
www.xmlformats.com |
| malicious |